D Ports Used by Audit Vault and Database Firewall

This appendix lists the TCP and UDP ports used by Oracle Audit Vault and Database Firewall.

Ports Required When Database Firewall is Deployed for Secured Targets

The following two classes of ports must be open in external network firewalls for these Database Firewall deployments:

  • When a Database Firewall is configured to protect a Secured Target database, traffic directed to that database must be able to pass through external network firewalls to the Database Firewall. The ports required are configured in the Secured Target's page in the Audit Vault Server (see Oracle Audit Vault and Database Firewall Administrator's Guide).

  • A Database Firewall can be configured to accept proxy connections, which are passed on to the database. The ports required for the proxy connection are configured in the Network Configuration page on the Database Firewall (see Oracle Audit Vault and Database Firewall Administrator's Guide).

We recommend that you do not change these ports.

Ports for Services Provided by the Audit Vault Server

Table D-1 lists ports for services provided by the Audit Vault Server. These services are used by outside users of the system, and access to most of them can be controlled within the AVDF system. If external network firewalls are used, these ports must be open to allow connections from the users (clients) of these services to the Audit Vault Server(s).

Table D-1 Ports for Services Provided by Audit Vault Server

| Port | Protocol Family | Protocol | Purpose | Notes |
|------|-----------------|----------|---------|-------|
| 22 | TCP | SSH | Command line access to system | Disabled by default |
| 161 | UDP | SNMP | SNMP Access | Disabled by default |
| 443 | TCP | HTTPS | Administration Console (web interface) | |
| 1521, 1522 | TCP | Oracle Database | Access for Audit Vault agents, and access to Oracle Database for reporting | |

Ports for Services Provided by the Database Firewall

Table D-2 lists ports for general services provided by the Database Firewall. These services are used by outside users of the system, and access to all of them can be controlled within the AVDF system. If external network firewalls are used, these ports must be open to allow connections from the users (clients) of these services to the Database Firewall(s) in the AVDF system.

Table D-2 Ports for Services Provided by Database Firewall

| Port | Protocol Family | Protocol | Purpose | Notes |
|------|-----------------|----------|---------|-------|
| 22 | TCP | SSH | Command line access to system | Disabled by default |
| 161 | UDP | SNMP | SNMP Access | Disabled by default |
| 443 | TCP | HTTPS | Administration Console (web interface) | |
| 2050 - 5100 | TCP | AVDF Internal Protocol | Incoming traffic captured from Host Monitor | |
| 2050 - 5100 | TCP | Syslog | Incoming WAF (F5) violation alerts | The exact port number used by an enforcement point can be found in the Advanced settings page of the enforcement point. See Oracle Audit Vault and Database Firewall Administrator's Guide. |


Ports for External Network Access by the Audit Vault Server

Table D-3 lists ports for external services that may be used by the Audit Vault Server. If external network firewalls are used, the relevant ports must be open so that the Audit Vault Server can use these services as a client.

Table D-3 Ports for External Network Access by the Audit Vault Server

| Port | Protocol Family | Protocol | Purpose | Notes |
|------|-----------------|----------|---------|-------|
| 25 | TCP | SMTP | Email delivery | |
| 53 | UDP | DNS | Domain name service | |
| 123 | UDP and TCP | NTP | Time Synchronization | |
| 514 | UDP, or configured as TCP | Syslog | Syslog alerts | For TCP-transport connections to syslog server(s) the port must be configured in the Audit Vault Server console. See Oracle Audit Vault and Database Firewall Administrator's Guide. |
| 514 | UDP, or configured as TCP | Proprietary ArcSight protocol over syslog transport | Alerts | For TCP-transport connections to ArcSight server(s) the port must be configured in the Audit Vault Server console. See Oracle Audit Vault and Database Firewall Administrator's Guide. |
| 3260 | TCP | Software iSCSI | SAN server communication | This port can be configured in the Audit Vault Server console when registering a SAN server. See "Registering a SAN Server". |


Ports for External Network Access by the Database Firewall

Table D-4 lists ports for external services that may be used by the Database Firewall. If external network firewalls are used, the relevant ports must be open so that the Database Firewall can use these services as a client.

Table D-4 Ports for External Network Access by the Database Firewall

| Port | Protocol Family | Protocol | Purpose | Notes |
|------|-----------------|----------|---------|-------|
| 53 | UDP | DNS | Domain name service | |
| 123 | UDP and TCP | NTP | Time Synchronization | |
| 514 | UDP, or configured as TCP | Syslog | Syslog alerts | For TCP-transport connections to syslog server(s) the port must be configured in the Audit Vault Server console. See Oracle Audit Vault and Database Firewall Administrator's Guide. |
| 514 | TCP | WAF (F5) alerts | WAF (F5) alerts | The port can be changed from the Audit Vault Server console. See Oracle Audit Vault and Database Firewall Administrator's Guide. |


Ports for AVDF Internal TCP Communication

Table D-5 lists ports for services that are used between the Database Firewall and the Audit Vault Server. If an external network firewall is placed between these systems, then the relevant ports must be opened.

Table D-5 Ports for AVDF Internal TCP Communication

| Port | Protocol Family | Protocol | Direction | Notes |
|------|-----------------|----------|-----------|-------|
| 443 | TCP | HTTPS | Database Firewall accepts connections from Audit Vault Server | Command interface |
| 1514 | TCP | SSL | Audit Vault Server accepts connections from Database Firewall | Event reporting and monitoring |
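As an added example (not part of the Oracle documentation or the AVDF product), the following script compares the listening sockets observed on an Audit Vault Server against the services that Tables D-1 and D-5 document for it, so that an undocumented listener, or a service the Notes column marks as disabled by default that has been switched on, shows up before external firewall rules are written. The `ss -lntu` style sample input is constructed; the service table is taken from the two tables above.

```python
import re

# Documented Audit Vault Server listeners (Tables D-1 and D-5). The boolean
# marks services the Notes column says are disabled by default (SSH, SNMP).
AV_SERVER_SERVICES = {
    (22, "tcp"): ("SSH", True),
    (161, "udp"): ("SNMP", True),
    (443, "tcp"): ("HTTPS", False),
    (1521, "tcp"): ("Oracle Database", False),
    (1522, "tcp"): ("Oracle Database", False),
    (1514, "tcp"): ("SSL, event reporting from Database Firewall", False),
}

# Constructed sample in the style of `ss -lntu` output on an Audit Vault Server.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:1521       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:1514       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*
"""

# Netid, State, Recv-Q, Send-Q, then Local Address:Port.
LINE_RE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s")

def parse_listeners(ss_output):
    """Return a set of (port, proto, local_addr) parsed from ss-style output."""
    found = set()
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.add((int(m.group(3)), m.group(1), m.group(2)))
    return found

def audit_listeners(ss_output, skip_loopback=True):
    """Sort listeners into documented, enabled-but-off-by-default, undocumented."""
    report = {"documented": [], "enabled_default_off": [], "undocumented": []}
    for port, proto, addr in sorted(parse_listeners(ss_output)):
        # Loopback-only sockets are not reachable through an external firewall.
        if skip_loopback and addr.startswith("127."):
            continue
        svc = AV_SERVER_SERVICES.get((port, proto))
        if svc is None:
            report["undocumented"].append((port, proto))
        elif svc[1]:
            report["enabled_default_off"].append((port, proto, svc[0]))
        else:
            report["documented"].append((port, proto, svc[0]))
    return report
```

Feed it the real `ss -lntu` output from the appliance to get the same three lists for your deployment.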